IoT, Network Security, Threat Intelligence

Masjesu botnet: Stealthy DDoS-for-hire service targets IoT devices

DDoS attack

As reported by The Hacker News, a stealthy botnet named Masjesu has been identified, operating as a distributed denial-of-service (DDoS) for-hire service. Since its emergence in 2023, Masjesu has been advertised on Telegram, targeting a wide array of Internet of Things (IoT) devices, including routers and gateways across various architectures.

Masjesu, also known as XorBot due to its use of XOR encryption, prioritizes low visibility and persistence, deliberately avoiding high-profile targets like Department of Defense IP ranges. Researchers have observed it incorporating multiple command injection and code execution exploits to gain initial access to devices from manufacturers such as D-Link, Huawei, and TP-Link.

The botnet's infrastructure, primarily originating from Vietnam, Ukraine, and India, is used to launch volumetric DDoS attacks against content delivery networks, game servers, and enterprises. Once compromised, devices are instructed to connect to a hard-coded port to receive commands for executing attacks and to self-propagate by scanning for vulnerable devices.

Source: The Hacker News

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds